A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 

DETAILED ACTION 

Claim Objections 

1. Claim(s) c1 - c10 are objected to because of the following informalities: claims c1 
- c10 are numbered in letters and numerals, and should be numbered in numerals and 
in ascending order. For example the claims should be labeled 1-10, and not c1 - c10. 
Appropriate correction is required. 

Claim Rejections - 35 USC § 103 

2. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claim(s) c1 - c10 are rejected under 35 USC 103(a) as being obvious over 
Cheng et al. (US Patent # 7107609 B2) in view of Fontes et al. (US Patent # 7058718 
B2). 

Cheng discloses a system of an external network (i.e. the internet) with external hosts 
and internal network (i.e. private network) with internal hosts, and in between the 
external network and the internal network there is a firewall cluster (i.e. multiple 
firewalls), Figure 1 & Col. 3, lines 15-22. The firewall consists of many firewalls that 
are synchronized with each other to allow any internal client to request information from 
the external network by choosing any one of firewalls 12, 14, 16, 18; see Figure 1 & Col. 
3, lines 21 - 27. The internal networks are called sub-networks, which are made up of 
LANs (Local Area Networks), are labeled 32, 34, 36, and are geographically 
separated from each other, with an associated firewall attached to each sub-network, 
Figure 1, Col. 3, lines 30 - 36. Each firewall in the firewall cluster is made up of a 
processor and a state machine that stores the state of the firewall in memory contained in the 
firewall (Col. 5, lines 3 - 14 & Figure 4). When the client requests information or data 
from the external network, the data 120 (Figure 3) must be received by the 
original host that requested the data, and by the corresponding firewall in the firewall 
cluster that protects the original requesting host of the internal sub-network. If the data 
120 from the internet does not reach the original host/firewall, the different firewall in the 
firewall cluster that received the data 120 packet flow, which did not originate from that 
firewall, is in charge of finding the home device (i.e. firewall) in order to 
forward the data 120 packet flow from the internet to the original requesting host. The 
receiving device (i.e. a firewall) will send out a signal and the first data packet from the 
data 120 packet flow to all firewalls on the firewall cluster to see which is the home device 
or the requesting host device. All firewalls will update their state tables and forwarding 
tables; once the home device or requesting device is found, the firewall that did not 
request the data 120 from the internet will update its state table and forwarding table 
and forward all data 120 packets to the home device and host respectively, Col. 4, lines 
38 - 67 & Col. 5, lines 1 - 3; Col. 4, lines 4 - 10. 

Cheng does not appear to explicitly disclose a modified SYN cookie that will allow for a 
modification of a SYN packet and SYN/ACK that is sent from the client to the server and 
server to client to inform other firewalls of the same network of the current connection 
state or session characteristics of the other firewalls on the network. 

However, Fontes discloses a blended SYN cookie or modified SYN cookie that is 
embedded in a SYN packet that is sent from a client to a server and a modified SYN/ACK 
packet that is sent from the server to the client, Col. 5, lines 32 - 34. The blended SYN 
cookie is embedded in the SYN/ACK; the SYN/ACK includes a hash of the IP address 
of the server and the corresponding port of the server, a random seed, a date and time 
value, an index value to a legitimate TCP connections table and the client sequence number, 
Col. 5, lines 32 - 45. The blended SYN cookie is used to authenticate the client; this 
takes place in the network's firewall or firewalls. Once the client is 
authenticated, the firewall or firewalls of the network become the authenticated client 
and will now be used to establish a connection with the server, Col. 5, lines 46 - 58 & 
Col. 8, lines 20 - 34. 

Cheng and Fontes are analogous art because they are from the "same field of 
endeavor," and both are developed to prevent the breach of internet security of a 
user's information or profile, requested data in transit from one host to another host, or 
data in transit from one device to another device; in general both inventions are 
developed to strengthen security on the internet and its vast array of activities. 
At the time of the invention, it would have been obvious to one of ordinary skill in the art, 
having the teachings of Cheng and Fontes before him or her, to modify the multiple 
firewall devices of Cheng to include a modified SYN cookie of Fontes, which would 
allow for synchronization of the multiple firewalls on the network facilitates 
authentication of clients requesting information from the internet, Col. 5, lines 48 - 58 & 
Col. 7, lines 10 - 15 of Fontes. 

The suggestion/motivation for doing so would have been to modify how a client on an 
internal network (i.e. private network) would request access to an external unsecured 
network (i.e. the internet) and not be susceptible to a synchronization attack or 
acknowledgement attack, Col. 5, lines 17 - 21. 

Therefore it would have been obvious to combine Fontes with Cheng to obtain the 
invention as specified in the instant claim(s). 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Dant B. Shaifer - Harriman whose telephone number is 
571-272-7910. The examiner can normally be reached on Monday - Thursday: 8:00am 
- 5:30pm Alt. Fridays off. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kambiz Zand, can be reached on (571) 272-3811. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 





